Junos Pulse Secure Access Getting Started Guide


  • Junos Pulse Secure Access Service

    Junos Pulse Secure Access Getting Started Guide

    Release

    8.0

    Published: 2013-11-15

    Copyright 2013, Juniper Networks, Inc.

  • Juniper Networks, Inc.
    1194 North Mathilda Avenue
    Sunnyvale, California 94089
    USA
    408-745-2000
    www.juniper.net

    Copyright 2013, Juniper Networks, Inc. All rights reserved.

    Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

    Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

    Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.

    Junos Pulse Secure Access Service
    Junos Pulse Secure Access Getting Started Guide
    Release 8.0
    Copyright 2013, Juniper Networks, Inc.
    All rights reserved.

    The information in this document is current as of the date on the title page.

    YEAR 2000 NOTICE

    Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

    END USER LICENSE AGREEMENT

    The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement (EULA) posted at http://www.juniper.net/support/eula.html. By downloading, installing or using such software, you agree to the terms and conditions of that EULA.


  • Table of Contents

    About the Documentation

    Documentation and Release Notes

    Supported Platforms

    Documentation Conventions

    Documentation Feedback

    Requesting Technical Support

    Self-Help Online Tools and Resources

    Opening a Case with JTAC

    Part 1 Overview

    Chapter 1 Secure Access Solution and Traffic

    Secure Access Service Solution Overview

    Securing Traffic with Secure Access Service

    Chapter 2 User Authentication

    Authenticating Users with Existing Servers

    Chapter 3 Resource Intermediation

    Fine-Tuning Access to Secure Access Service and the Resources It Intermediates

    Chapter 4 Host Checker

    Protecting Against Infected Computers and Other Security Concerns

    Chapter 5 Redundancy

    Ensuring Redundancy in the Secure Access Service Environment

    Part 2 Configuration

    Chapter 6 Secure Access Service

    Configuring Secure Access Service

    Part 3 Administration

    Chapter 7 Administrator Settings

    Default Settings for Administrators

    Trusted Server List

    Administrator and User Configuration

    White List Flow Chart


    Chapter 8 Test Scenario Creation

    Creating a Test Scenario to Learn Secure Access Service Concepts and Best Practices

    Using the Test Scenario

    Chapter 9 Resource Intermediation

    Creating a Seamless Integration Between Secure Access Service and the Resources It Intermediates

    Chapter 10 User Access and End-User Interface

    Enabling Users on a Variety of Computers and Devices to Use Secure Access Service

    Providing Secure Access for My International Users

    Verifying User Accessibility

    Chapter 11 Admin and End-User Interface Customization

    Making the Secure Access Service Interface Match My Company's Look-and-Feel

    Customizable Admin and End-User UIs

    Customizable End-User Interface Elements Overview

    Chapter 12 Serial Console

    Using the Serial Console

    Rolling Back to a Previous System State Through the Serial Console

    Resetting a Secure Access Service Device to the Factory Setting Using the Serial Console

    Performing Common Recovery Tasks with the Serial Console

    Part 4 Index

    Index


  • List of Figures

    Part 1 Overview

    Chapter 1 Secure Access Solution and Traffic

    Figure 1: Secure Access Service Working within a LAN


  • List of Tables

    About the Documentation

    Table 1: Notice Icons

    Table 2: Text and Syntax Conventions


  • About the Documentation

    Documentation and Release Notes

    Supported Platforms

    Documentation Conventions

    Documentation Feedback

    Requesting Technical Support

    Documentation and Release Notes

    To obtain the most current version of all Juniper Networks technical documentation, see the product documentation page on the Juniper Networks website at http://www.juniper.net/techpubs/.

    If the informa